qa-agent 0.2.2__tar.gz → 0.2.3__tar.gz

{qa_agent-0.2.2/qa_agent.egg-info → qa_agent-0.2.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: qa-agent
-Version: 0.2.2
+Version: 0.2.3
 Summary: Agentic exploratory QA testing for web applications
 Author: Bill Richards
 License: MIT License
@@ -90,7 +90,8 @@ Need targeted tests? Pass plain-English instructions and an LLM generates custom
 
 ---
 
-## Table of Contents
+<details>
+<summary><strong>Table of Contents</strong></summary>
 
 - [Features](#features)
 - [Installation](#installation)

{qa_agent-0.2.2 → qa_agent-0.2.3}/README.md

@@ -23,7 +23,8 @@ Need targeted tests? Pass plain-English instructions and an LLM generates custom
 
 ---
 
-## Table of Contents
+<details>
+<summary><strong>Table of Contents</strong></summary>
 
 - [Features](#features)
 - [Installation](#installation)

{qa_agent-0.2.2 → qa_agent-0.2.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "qa-agent"
-version = "0.2.2"
+version = "0.2.3"
 description = "Agentic exploratory QA testing for web applications"
 readme = "README.md"
 license = {file = "LICENSE"}

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/__init__.py

@@ -11,4 +11,4 @@ try:
     __version__ = version("qa-agent")
 except PackageNotFoundError:
     # Package not installed (e.g. running from source without install)
-    __version__ = "0.2.2"
+    __version__ = "0.2.3"

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/agent.py

@@ -54,6 +54,13 @@ class QAAgent:
         self.urls_to_visit: list[str] = []
         self.test_plan: TestPlan | None = None
         self.stop_event: threading.Event | None = None  # Set by web server to request graceful stop
+        self._reauth_count: int = 0  # Guards against infinite re-auth loops on bad credentials
+
+        # If instructions explicitly mention logout/destructive flows, honour the user's intent
+        # and disable the default destructive-link heuristic in explore mode.
+        _instruction_text = (config.instructions or "").lower()
+        _destructive_keywords = ["logout", "log out", "sign out", "signout", "log-out", "sign-out"]
+        self._allow_destructive_urls: bool = any(kw in _instruction_text for kw in _destructive_keywords)
 
         # Optional factory callable that returns a sync_playwright() context manager.
         # Used by tests to inject a mock playwright without touching the network.
@@ -264,8 +271,15 @@ class QAAgent:
             ctx = self.config.invocation_context
             if ctx == "cli":
                 _selector_hint = (
-                    "Tip: use --auth-file with a JSON file containing "
-                    "username_selector, password_selector, and submit_selector fields."
+                    'Tip: use --auth-file with a JSON file, e.g.:\n'
+                    '  {\n'
+                    '    "auth_url": "https://example.com/login",\n'
+                    '    "username": "user@example.com",\n'
+                    '    "password": "yourpassword",\n'
+                    '    "username_selector": "input#email",\n'
+                    '    "password_selector": "input#password",\n'
+                    '    "submit_selector": "button[type=\'submit\']"\n'
+                    '  }'
                 )
             elif ctx == "web":
                 _selector_hint = (
@@ -283,20 +297,20 @@ class QAAgent:
             try:
                 self.page.fill(username_selector, auth.username)
             except Exception as e:
-                msg = f"Warning: Could not fill username field: {e}"
+                msg = f"Could not fill username field: {e}"
                 if isinstance(e, PlaywrightTimeoutError) and not auth.username_selector:
                     msg += f"\n  {_selector_hint}"
-                self.console.print_progress(msg)
+                self.console.print_error(msg)
 
             # Find and fill password
             password_selector = auth.password_selector or 'input[type="password"]'
             try:
                 self.page.fill(password_selector, auth.password)
             except Exception as e:
-                msg = f"Warning: Could not fill password field: {e}"
+                msg = f"Could not fill password field: {e}"
                 if isinstance(e, PlaywrightTimeoutError) and not auth.password_selector:
                     msg += f"\n  {_selector_hint}"
-                self.console.print_progress(msg)
+                self.console.print_error(msg)
 
             # Submit
             submit_selector = auth.submit_selector or 'button[type="submit"], input[type="submit"], button:has-text("Login"), button:has-text("Sign in")'
@@ -304,10 +318,10 @@ class QAAgent:
                 self.page.click(submit_selector)
                 self.page.wait_for_load_state("networkidle", timeout=10000)
             except Exception as e:
-                msg = f"Warning: Could not submit login form: {e}"
+                msg = f"Could not submit login form: {e}"
                 if isinstance(e, PlaywrightTimeoutError) and not auth.submit_selector:
                     msg += f"\n  {_selector_hint}"
-                self.console.print_progress(msg)
+                self.console.print_error(msg)
 
     def _run_focused_mode(self):
         """Run tests on specific URLs only."""
@@ -344,10 +358,11 @@ class QAAgent:
 
             # Discover new links
             if current_depth < self.config.max_depth:
-                new_urls = self._discover_links(url)
-                for new_url in new_urls:
+                new_links = self._discover_links(url)
+                for link in new_links:
+                    new_url = link['href']
                     if new_url not in self.visited_urls and new_url not in self.urls_to_visit:
-                        if not self._should_skip_url(new_url):
+                        if not self._should_skip_url(new_url, link.get('text', '')):
                             self.urls_to_visit.append(new_url)
                             depth_map[new_url] = current_depth + 1
 
@@ -364,9 +379,27 @@ class QAAgent:
                 self.page.wait_for_load_state("networkidle", timeout=10000)
             load_time = (time.time() - start_time) * 1000
         except Exception as e:
-            self.console.print_progress(f"Error loading page: {e}")
+            self.console.print_error(f"Error loading page: {e}")
             return
 
+        # If we were redirected to the login page, re-authenticate once and continue.
+        # Guard against infinite loops when credentials are wrong.
+        auth = self.config.auth
+        if auth and auth.auth_url and self.page.url != url:
+            auth_path = urlparse(auth.auth_url).path.rstrip('/')
+            current_path = urlparse(self.page.url).path.rstrip('/')
+            if auth_path and current_path == auth_path:
+                if self._reauth_count < 1:
+                    self._reauth_count += 1
+                    self.console.print_progress("Detected redirect to login page, re-authenticating...")
+                    self._authenticate()
+                else:
+                    self.console.print_error(
+                        "Re-authentication attempted but still redirected to login page — "
+                        "check credentials. Skipping further re-auth attempts."
+                    )
+                    return
+
         # Fail fast on page-level HTTP errors — report one finding, skip all testers
         if response is not None and response.status >= 400:
             status = response.status
@@ -512,45 +545,57 @@ class QAAgent:
                 "images_count": 0,
             }
 
-    def _discover_links(self, current_url: str) -> list[str]:
+    _DESTRUCTIVE_URL_PATTERNS = [
+        r'/logout', r'/log-out', r'/sign-out', r'/signout',
+        r'/delete-account', r'/deactivate',
+    ]
+    _DESTRUCTIVE_LINK_TEXT = [
+        'log out', 'logout', 'sign out', 'signout', 'delete account', 'deactivate account',
+    ]
+
+    def _discover_links(self, current_url: str) -> list[dict]:
         """Discover links on the current page for exploration."""
         assert self.page is not None
         try:
-            links = self.page.evaluate("""() => {
+            raw = self.page.evaluate("""() => {
                 const links = document.querySelectorAll('a[href]');
-                return Array.from(links).map(a => a.href).filter(href =>
-                    href &&
-                    !href.startsWith('javascript:') &&
-                    !href.startsWith('mailto:') &&
-                    !href.startsWith('tel:') &&
-                    !href.startsWith('#')
+                return Array.from(links).map(a => ({
+                    href: a.href,
+                    text: (a.textContent || '').trim().toLowerCase()
+                })).filter(item =>
+                    item.href &&
+                    !item.href.startsWith('javascript:') &&
+                    !item.href.startsWith('mailto:') &&
+                    !item.href.startsWith('tel:') &&
+                    !item.href.startsWith('#')
                 );
             }""")
 
-            valid_links = []
+            seen: set[str] = set()
+            valid_links: list[dict] = []
             current_domain = urlparse(current_url).netloc
 
-            for link in links:
-                parsed = urlparse(link)
+            for item in raw:
+                parsed = urlparse(item['href'])
 
-                # Filter by domain if configured
                 if self.config.same_domain_only and parsed.netloc != current_domain:
                     continue
 
-                # Normalize URL
                 normalized = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
                 if normalized.endswith('/'):
                     normalized = normalized[:-1]
 
-                valid_links.append(normalized)
+                if normalized not in seen:
+                    seen.add(normalized)
+                    valid_links.append({'href': normalized, 'text': item['text']})
 
-            return list(set(valid_links))
+            return valid_links
 
         except Exception:
             return []
 
-    def _should_skip_url(self, url: str) -> bool:
-        """Check if URL should be skipped based on ignore patterns."""
+    def _should_skip_url(self, url: str, link_text: str = "") -> bool:
+        """Check if URL should be skipped based on ignore patterns or destructive heuristics."""
         for pattern in self.config.ignore_patterns:
             if re.search(pattern, url):
                 return True
@@ -561,6 +606,17 @@ class QAAgent:
             if url.lower().endswith(ext):
                 return True
 
+        # Skip destructive/logout URLs — bypassed when AI instructions explicitly request it
+        if not self._allow_destructive_urls:
+            for pattern in self._DESTRUCTIVE_URL_PATTERNS:
+                if re.search(pattern, url, re.IGNORECASE):
+                    self.console.print_progress(f"Skipping destructive link: {url}")
+                    return True
+
+            if link_text and any(t in link_text for t in self._DESTRUCTIVE_LINK_TEXT):
+                self.console.print_progress(f"Skipping logout link (text match): {url}")
+                return True
+
         return False
 
     def _take_screenshot(self, name: str) -> str | None:

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/cli.py

@@ -141,9 +141,9 @@ Examples:
     )
     parser.add_argument(
         "--output-dir",
-        default=str(Path.cwd() / "output"),
-        help="Base directory for all output (default: ./output relative to current directory). "
-             "Results are written to output/{domain}/{session_id}/qa_reports|screenshots|recordings",
+        default=str(Path.cwd() / "qa-agent-output"),
+        help="Base directory for all output (default: ./qa-agent-output relative to current directory). "
+             "Results are written to qa-agent-output/{domain}/{session_id}/qa_reports|screenshots|recordings",
     )
 
     # Browser options

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/config.py

@@ -60,7 +60,7 @@ class TestConfig:
     output_formats: list[OutputFormat] = field(
         default_factory=lambda: [OutputFormat.CONSOLE, OutputFormat.MARKDOWN]
     )
-    output_dir: str = "./output"
+    output_dir: str = "./qa-agent-output"
 
     # Browser settings
     headless: bool = True

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/reporters/console.py

@@ -56,6 +56,10 @@ class ConsoleReporter(BaseReporter):
         """Print progress message."""
         print(f"  → {message}")
 
+    def print_error(self, message: str) -> None:
+        """Print an error message in red."""
+        print(f"  {self._color('✗ ERROR:', '91')} {message}")
+
     def print_warning(self, message: str) -> None:
         """Print a test reliability warning."""
         print(f"  ⚠  {self._color('WARNING:', '93')} {message}")

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/testers/keyboard.py

@@ -327,15 +327,19 @@ class KeyboardTester(BaseTester):
 
                 if focused_index in visited_indices and len(visited_indices) < 3:
                     # Focus is cycling through fewer than 3 elements while the page
-                    # has more than 3 focusable elements — genuine trap.
+                    # has more than 3 focusable elements — genuine trap per WCAG 2.1 SC 2.1.2.
+                    # Reported as MEDIUM: even a single-element trap prevents navigation away.
                     self.findings.append(Finding(
                         title="Potential keyboard trap detected",
-                        description=f"Focus cycles through only {len(visited_indices)} elements repeatedly",
+                        description=(
+                            f"Focus cycles through only {len(visited_indices)} element(s) repeatedly. "
+                            "Keyboard-only users cannot navigate past this component (WCAG 2.1 SC 2.1.2)."
+                        ),
                         category=FindingCategory.KEYBOARD_NAVIGATION,
-                        severity=Severity.HIGH,
+                        severity=Severity.MEDIUM,
                         url=self.page.url,
                         expected_behavior="User should be able to TAB through all interactive elements",
-                        actual_behavior=f"Focus trapped cycling through {len(visited_indices)} elements",
+                        actual_behavior=f"Focus trapped cycling through {len(visited_indices)} element(s)",
                         metadata={"trapped_elements": list(visited_indices)},
                     ))
                     break

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/web/server.py

@@ -28,7 +28,7 @@ from ..llm_client import LLMProvider
 
 # ── Paths ─────────────────────────────────────────────────────────────────────
 _HERE = Path(__file__).resolve().parent      # qa_agent/web/
-OUTPUT_DIR = Path.cwd() / "output"
+OUTPUT_DIR = Path.cwd() / "qa-agent-output"
 
 # ── Flask app ──────────────────────────────────────────────────────────────────
 app = Flask(__name__, template_folder=str(_HERE / "templates"))

{qa_agent-0.2.2 → qa_agent-0.2.3}/qa_agent/web/static/app.js

@@ -71,6 +71,31 @@
     form.reset();
     document.getElementById('explore-section').style.display = 'none';
   });
+
+  document.getElementById('export-config-btn')?.addEventListener('click', () => {
+    const cfg = collectFormData(form);
+    const blob = new Blob([JSON.stringify(cfg, null, 2)], { type: 'application/json' });
+    const a = document.createElement('a');
+    a.href = URL.createObjectURL(blob);
+    a.download = 'qa-agent-config.json';
+    a.click();
+    URL.revokeObjectURL(a.href);
+  });
+
+  document.getElementById('import-config-input')?.addEventListener('change', function () {
+    const file = this.files[0];
+    if (!file) return;
+    const reader = new FileReader();
+    reader.onload = e => {
+      try {
+        applyConfig(JSON.parse(e.target.result));
+      } catch (_) {
+        alert('Invalid config file.');
+      }
+    };
+    reader.readAsText(file);
+    this.value = '';
+  });
 })();
 
 

qa_agent-0.2.3/qa_agent/web/static/index.js

@@ -0,0 +1,91 @@
+// Show/hide explore section based on mode
+document.querySelectorAll('input[name="mode"]').forEach(radio => {
+  radio.addEventListener('change', () => {
+    document.getElementById('explore-section').style.display =
+      document.querySelector('input[name="mode"]:checked').value === 'explore' ? '' : 'none';
+  });
+});
+
+// Screenshot dependency logic (mirrors CLI coupling):
+//   on_error and full_page require screenshots_enabled
+//   on_interaction requires on_error  (matches --screenshots-all behaviour)
+(function () {
+  const ssEnabled    = document.getElementById('ss_enabled');
+  const ssOnError    = document.getElementById('ss_on_error');
+  const ssOnInteract = document.getElementById('ss_on_interaction');
+  const ssFullPage   = document.getElementById('ss_full_page');
+
+  function syncScreenshots() {
+    const enabled = ssEnabled.checked;
+    const onError = ssOnError.checked;
+
+    ssOnError.disabled    = !enabled;
+    ssFullPage.disabled   = !enabled;
+    ssOnInteract.disabled = !enabled || !onError;
+
+    if (!enabled) {
+      ssOnError.checked    = false;
+      ssFullPage.checked   = false;
+      ssOnInteract.checked = false;
+    }
+    if (!onError) {
+      ssOnInteract.checked = false;
+    }
+  }
+
+  ssEnabled.addEventListener('change', syncScreenshots);
+  ssOnError.addEventListener('change', syncScreenshots);
+  syncScreenshots();
+})();
+
+// LLM provider → model options + env-var hint
+(function () {
+  const MODELS = {
+    anthropic: [
+      { value: '',                          label: 'Default (claude-sonnet-4-6)' },
+      { value: 'claude-sonnet-4-6',         label: 'claude-sonnet-4-6' },
+      { value: 'claude-opus-4-6',           label: 'claude-opus-4-6' },
+      { value: 'claude-haiku-4-5-20251001', label: 'claude-haiku-4-5-20251001' },
+    ],
+    openai: [
+      { value: '',            label: 'Default (gpt-4o)' },
+      { value: 'gpt-4o',      label: 'gpt-4o' },
+      { value: 'gpt-4o-mini', label: 'gpt-4o-mini' },
+      { value: 'gpt-4-turbo', label: 'gpt-4-turbo' },
+      { value: 'o1',          label: 'o1' },
+      { value: 'o1-mini',     label: 'o1-mini' },
+    ],
+  };
+  const KEY_HINTS = {
+    anthropic: 'Requires <code>ANTHROPIC_API_KEY</code>',
+    openai:    'Requires <code>OPENAI_API_KEY</code>',
+  };
+
+  function updateLLMOptions() {
+    const provider = document.getElementById('llm_provider').value;
+    const modelSel = document.getElementById('ai_model');
+    const hint     = document.getElementById('llm_key_hint');
+    const models   = MODELS[provider] || [];
+
+    modelSel.innerHTML = models
+      .map(m => `<option value="${m.value}">${m.label}</option>`)
+      .join('');
+
+    if (hint) hint.innerHTML = KEY_HINTS[provider] || '';
+  }
+
+  document.getElementById('llm_provider').addEventListener('change', updateLLMOptions);
+  updateLLMOptions();
+})();
+
+// Load instructions from a local text/markdown file into the textarea
+document.getElementById('instructions_file')?.addEventListener('change', function () {
+  const file = this.files[0];
+  if (!file) return;
+  const reader = new FileReader();
+  reader.onload = e => {
+    document.getElementById('instructions').value = e.target.result;
+  };
+  reader.readAsText(file);
+  this.value = '';
+});

qa_agent-0.2.3/qa_agent/web/static/run.js

@@ -0,0 +1,200 @@
+(function () {
+  const JOB_ID = document.getElementById('run-header').dataset.jobId;
+  const log = document.getElementById('log');
+  const statusBadge = document.getElementById('status-badge');
+  const stopBtn = document.getElementById('stop-btn');
+  const statsEl = document.getElementById('run-stats');
+  const statPages = document.getElementById('stat-pages');
+  const statFindings = document.getElementById('stat-findings');
+  const statUrl = document.getElementById('stat-url');
+  const completeBanner = document.getElementById('complete-banner');
+  const errorBanner = document.getElementById('error-banner');
+  const stoppedBanner = document.getElementById('stopped-banner');
+  const autoscroll = document.getElementById('autoscroll');
+  let findingCount = 0;
+  let pageCount = 0;
+
+  function setStatus(status) {
+    statusBadge.className = 'badge badge-' + status;
+    statusBadge.textContent = status.charAt(0).toUpperCase() + status.slice(1);
+    if (status === 'running') {
+      stopBtn.style.display = '';
+      statsEl.style.display = '';
+    }
+    if (['completed', 'failed', 'stopped'].includes(status)) {
+      stopBtn.style.display = 'none';
+    }
+  }
+
+  document.getElementById('clear-log-btn').addEventListener('click', () => { log.innerHTML = ''; });
+
+  stopBtn.addEventListener('click', () => {
+    stopBtn.disabled = true;
+    stopBtn.textContent = 'Stopping after current page…';
+    fetch('/api/stop/' + JOB_ID, { method: 'POST' }).catch(() => {});
+  });
+
+  // ── Elapsed timer ─────────────────────────────────────────────────────────────
+  const statElapsed = document.getElementById('stat-elapsed');
+  let startTime = null;
+  let elapsedInterval = null;
+
+  function startTimer() {
+    if (elapsedInterval) return;
+    startTime = Date.now();
+    elapsedInterval = setInterval(() => {
+      const secs = Math.floor((Date.now() - startTime) / 1000);
+      const m = Math.floor(secs / 60);
+      const s = secs % 60;
+      statElapsed.textContent = m + ':' + String(s).padStart(2, '0');
+    }, 1000);
+  }
+
+  function stopTimer() {
+    if (elapsedInterval) {
+      clearInterval(elapsedInterval);
+      elapsedInterval = null;
+    }
+  }
+
+  // ── Log filtering ─────────────────────────────────────────────────────────────
+  let activeFilter = 'all';
+
+  function lineMatchesFilter(line, filter) {
+    if (filter === 'all') return true;
+    if (filter === 'finding') return line.classList.contains('log-finding');
+    if (filter === 'error') return line.classList.contains('log-error') || (line.classList.contains('log-finding') && line.classList.contains('log-critical')) || (line.classList.contains('log-finding') && line.classList.contains('log-high'));
+    return true;
+  }
+
+  document.querySelectorAll('.log-filter').forEach(btn => {
+    btn.addEventListener('click', () => {
+      activeFilter = btn.dataset.filter;
+      document.querySelectorAll('.log-filter').forEach(b => b.classList.remove('active'));
+      btn.classList.add('active');
+      log.querySelectorAll('.log-line').forEach(line => {
+        line.style.display = lineMatchesFilter(line, activeFilter) ? '' : 'none';
+      });
+      if (autoscroll.checked) log.scrollTop = log.scrollHeight;
+    });
+  });
+
+  function appendLog(msg, cls) {
+    const line = document.createElement('div');
+    line.className = 'log-line' + (cls ? ' ' + cls : '');
+    line.textContent = msg;
+    line.style.display = lineMatchesFilter(line, activeFilter) ? '' : 'none';
+    log.appendChild(line);
+    if (autoscroll.checked && line.style.display !== 'none') log.scrollTop = log.scrollHeight;
+  }
+
+  // ── SSE stream ────────────────────────────────────────────────────────────────
+  // Pre-check actual job status before opening SSE — the job may still be queued
+  // or may have already finished if the user is loading a page for an old job.
+  function startStream() {
+    const es = new EventSource('/api/stream/' + JOB_ID);
+    startTimer();
+
+    es.addEventListener('log', e => {
+      const data = JSON.parse(e.data);
+      appendLog(data.message);
+    });
+
+    es.addEventListener('progress', e => {
+      const data = JSON.parse(e.data);
+      pageCount++;
+      statPages.textContent = pageCount;
+      statUrl.textContent = data.url || '';
+      appendLog(data.message, 'log-progress');
+    });
+
+    es.addEventListener('finding', e => {
+      const data = JSON.parse(e.data);
+      findingCount++;
+      statFindings.textContent = findingCount;
+      appendLog('[' + data.severity.toUpperCase() + '] ' + data.title, 'log-finding log-' + data.severity);
+    });
+
+    es.addEventListener('complete', e => {
+      const data = JSON.parse(e.data);
+      es.close();
+      stopTimer();
+      setStatus(data.status || 'completed');
+      statFindings.textContent = data.total_findings || findingCount;
+      if (data.status === 'stopped') {
+        stoppedBanner.style.display = '';
+        if (data.session_id && data.domain) {
+          const link = document.getElementById('stopped-link');
+          link.href = '/session/' + data.domain + '/' + data.session_id;
+          document.getElementById('stopped-session-link').style.display = '';
+        }
+      } else {
+        completeBanner.style.display = '';
+        if (data.session_id && data.domain) {
+          document.getElementById('session-link').href = '/session/' + data.domain + '/' + data.session_id;
+        }
+      }
+    });
+
+    es.addEventListener('error', e => {
+      if (e.data) {
+        const data = JSON.parse(e.data);
+        es.close();
+        stopTimer();
+        setStatus('failed');
+        errorBanner.style.display = '';
+        errorBanner.textContent = 'Error: ' + data.message;
+      }
+    });
+
+    es.onerror = () => {
+      es.close();
+      stopTimer();
+      fetch('/api/status/' + JOB_ID)
+        .then(r => r.json())
+        .then(d => {
+          setStatus(d.status);
+          statFindings.textContent = d.total_findings || findingCount;
+          if (d.status === 'completed' && d.session_id) {
+            completeBanner.style.display = '';
+            document.getElementById('session-link').href = '/session/' + d.domain + '/' + d.session_id;
+          } else if (d.status === 'failed') {
+            errorBanner.style.display = '';
+            errorBanner.textContent = 'Error: ' + (d.error || 'Unknown error');
+          }
+        })
+        .catch(() => appendLog('Connection lost. Refresh to check status.', 'log-error'));
+    };
+  }
+
+  fetch('/api/status/' + JOB_ID)
+    .then(r => r.json())
+    .then(d => {
+      const finalStates = ['completed', 'stopped', 'failed'];
+      setStatus(d.status);
+      if (finalStates.includes(d.status)) {
+        statFindings.textContent = d.total_findings || 0;
+        if (d.status === 'completed' && d.session_id) {
+          completeBanner.style.display = '';
+          document.getElementById('session-link').href = '/session/' + d.domain + '/' + d.session_id;
+        } else if (d.status === 'stopped') {
+          stoppedBanner.style.display = '';
+          if (d.session_id && d.domain) {
+            document.getElementById('stopped-link').href = '/session/' + d.domain + '/' + d.session_id;
+            document.getElementById('stopped-session-link').style.display = '';
+          }
+        } else if (d.status === 'failed') {
+          errorBanner.style.display = '';
+          errorBanner.textContent = 'Error: ' + (d.error || 'Unknown error');
+        }
+      } else {
+        startStream();
+      }
+    })
+    .catch(() => {
+      // Status check failed — fall back to opening SSE directly
+      setStatus('running');
+      startStream();
+    });
+
+}());